Invision Gallery@2.0.3 Security Vulnerabilities and Issues — Invision Gallery@2.0.3 CVE List

Lucene search

Invision Power ServicesInvision Gallery2.0.3

4 matches found

CVE•added 2005/11/03 2:2 a.m.•36 views

CVE-2005-3477

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312. NOTE: ...

4.3CVSS5.7AI score0.27241EPSS

CVE•added 2006/10/10 4:6 a.m.•35 views

CVE-2006-5206

SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.

7.5CVSS8.9AI score0.00275EPSS

CVE•added 2005/11/01 12:47 p.m.•33 views

CVE-2005-3395

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.

7.5CVSS8.4AI score0.00453EPSS

CVE•added 2006/10/10 4:6 a.m.•28 views

CVE-2006-5205

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.

5CVSS7.2AI score0.02992EPSS